Using NVIDIA BlueField-3 for TLS Termination, DPI, and Re-Encryption

Hello,

I’m exploring the use of the NVIDIA BlueField-3 DPU for deep packet inspection (DPI) in a TLS-encrypted environment.

Use Case:

  • BlueField-3 terminates incoming TLS sessions from clients.
  • It then forwards the decrypted traffic to an application running on the host server for inspection.
  • The application analyzes the plain-text data and blocks any malicious or malformed traffic.
  • Clean traffic is then sent back to the BlueField-3, which should:
    • Establish a new TLS session with the intended backend server,
    • Re-encrypt the traffic,
    • And forward it accordingly.

This setup is intended to protect multiple backend servers, possibly located across different data centers.

Questions:

  1. Is this architecture supported by BlueField-3 in DPU mode?
  2. What is the maximum number of concurrent TLS sessions BlueField-3 can manage?
  3. Are there any limitations on session or connection tracking, especially when protecting a large number of clients and backend servers?

Any guidance, best practices, or reference materials would be greatly appreciated.

Thanks!
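The architecture described in the post, written out as a small added example (not NVIDIA or DOCA code, and not from the original thread): the "DPU" role terminates the client's TLS session, hands the plaintext to an inspection function standing in for the host application, and for clean traffic opens a separate TLS session to the backend, verifying the backend's certificate, before relaying. Everything runs in one Go process on loopback; the hostnames `dpu.example` and `backend.example`, the newline-delimited request protocol and the three rules in `inspect` are assumptions made for the demo, and on a real BlueField-3 the two TLS legs would be offloaded and the plaintext hop to the host would cross PCIe rather than a function call.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// selfSignedCert makes an in-memory self-signed certificate for name plus a
// pool that trusts it, so the demo needs no files and nothing beyond loopback.
func selfSignedCert(name string) (tls.Certificate, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name}, // SAN is what modern clients verify
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// inspect stands in for the host-side DPI application. It sees one decrypted
// request line and decides whether it may reach the backend (rules are assumed).
func inspect(line string) (ok bool, reason string) {
	if !strings.HasSuffix(line, "\n") || len(line) > 256 {
		return false, "malformed" // unterminated or oversized request
	}
	if strings.Contains(strings.ToLower(line), "drop table") {
		return false, "malicious" // toy signature match
	}
	return true, ""
}

// startBackend runs a protected origin: a TLS server answering "OK: <line>".
func startBackend(cert tls.Certificate) string {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil { panic(err) }
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil { return }
			go func() {
				defer c.Close()
				line, err := bufio.NewReader(c).ReadString('\n')
				if err != nil { return }
				fmt.Fprintf(c, "OK: %s", line)
			}()
		}
	}()
	return ln.Addr().String()
}

// startProxy models the DPU: terminate the client's TLS, inspect the plaintext,
// then open a NEW TLS session to the backend, verifying its certificate against
// backendPool, and relay the reply. Leaving RootCAs/ServerName unset here would
// make the re-encryption leg trust any server, which defeats the design.
func startProxy(cert tls.Certificate, backendAddr string, backendPool *x509.CertPool) string {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil { panic(err) }
	toBackend := &tls.Config{RootCAs: backendPool, ServerName: "backend.example", MinVersion: tls.VersionTLS12}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil { return }
			go func() {
				defer c.Close()
				line, _ := bufio.NewReader(c).ReadString('\n') // plaintext after termination
				if ok, reason := inspect(line); !ok {
					fmt.Fprintf(c, "BLOCKED: %s\n", reason)
					return
				}
				b, err := tls.Dial("tcp", backendAddr, toBackend) // second, independent TLS session
				if err != nil { fmt.Fprint(c, "BLOCKED: backend unreachable\n"); return }
				defer b.Close()
				fmt.Fprint(b, line)
				reply, _ := bufio.NewReader(b).ReadString('\n')
				fmt.Fprint(c, reply)
			}()
		}
	}()
	return ln.Addr().String()
}

// send acts as a client: one TLS session to the proxy, one request, one reply.
func send(proxyAddr string, proxyPool *x509.CertPool, line string) string {
	c, err := tls.Dial("tcp", proxyAddr, &tls.Config{RootCAs: proxyPool, ServerName: "dpu.example"})
	if err != nil { panic(err) }
	defer c.Close()
	fmt.Fprint(c, line)
	reply, _ := bufio.NewReader(c).ReadString('\n')
	return reply
}

// demo wires the three parties together and returns the replies for a clean,
// a malformed and a malicious request (constructed sample inputs).
func demo() []string {
	backendCert, backendPool := selfSignedCert("backend.example")
	proxyCert, proxyPool := selfSignedCert("dpu.example")
	backend := startBackend(backendCert)
	proxy := startProxy(proxyCert, backend, backendPool)
	return []string{
		send(proxy, proxyPool, "GET /health\n"),
		send(proxy, proxyPool, strings.Repeat("A", 300)+"\n"),
		send(proxy, proxyPool, "q=1; DROP TABLE users\n"),
	}
}

func main() {
	for _, r := range demo() { fmt.Print(r) }
}
```

The point the demo makes about the design: the DPU is a deliberate man-in-the-middle, so each backend must be reachable over its own verified TLS session (a private CA in `backendPool` and a fixed `ServerName` per backend), and the decrypted traffic between the DPU and the host inspection application is a plaintext path that needs its own isolation.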

Hi balki.ece,

Thank you for posting your query on the NVIDIA community!

Based on an internal check, this needs escalation to our Engineering Team, for which a valid support and BF-3 entitlement is required.

If there is an active entitlement/support contract in place, please do not hesitate to open a support ticket by emailing enterprisesupport@nvidia.com.

For contracts, please reach out to Networking-Contracts@nvidia.com.

Thanks,
Namrata.